Hi all,

2010 is behind us…welcome to the first Patch Tuesday of 2011! Today Microsoft released a mere 2 patches, addressing 3 new vulnerabilities. It’s a nice way to start the year, although I said that last January too, only to be faced with Aurora soon after (knock on wood).

The two new patches released today are not terribly noteworthy on their own. MS11-001 affects only Vista, and is not expected to introduce serious risk to most organizations. MS11-002 potentially allows attackers to exploit a victim via a maliciously crafted web page, which makes it a high priority for deployment. No known exploits are circulating for these vulns at this time.

On top of the 3 vulns that were patched, the last few weeks have seen an unusual flurry of publicly disclosed vulnerabilities that MS has not yet patched. It’s not at all unusual for a vendor to have a backlog of vulnerabilities they are working on, but we don’t typically see so many disclosed to the public so closely together. Most of these were helpfully packaged by their authors with POC exploit code, and at least one (CVE-2010-3971) is being actively exploited in the wild in limited circumstances. Microsoft provides a helpful summary of 5 of these unpatched vulns on their Security Research & Defense blog.

If any of these flare up into real threats, we might expect to see a set of out-of-band patches released later in the month. Otherwise, it’s likely that many of these will be patched in February. McAfee Labs is still sorting through some of the details associated with the unpatched vulns, but so far we can confirm the following coverage for the 8 vulns in total (3 patched, 5 unpatched):

  • McAfee VirusScan's buffer overflow protection is expected to provide proactive protection against exploits of 7 out of 8 vulns.
  • McAfee's Host Intrusion Prevention is expected to provide proactive protection against exploits of 7 out of 8.
  • McAfee's Application Control is expected to provide proactive protection for at least 3 out of 8 new vulnerabilities.
  • McAfee's Network Security Platform will very shortly have content to protect against exploits of 6 out of 8 new vulnerabilities.
  • McAfee Vulnerability Manager and Policy Auditor have content to assess whether your systems are exposed to any of these new vulnerabilities.

Happy patching!

Scott